CVE-2024-41949 biscuit-rust vulnerable to public key confusion in third party block

biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...

CVE-2024-41949

Biscuit-rust is affected by a public key confusion in third-party blocks. A forged ThirdPartyBlock request can trick a third-party authority into generating datalog that trusts the wrong keypair, enabling under-specified trust relationships. The issue is described across multiple sources (CVE-202...

CVE-2024-41949 biscuit-rust vulnerable to public key confusion in third party block

biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...

CVE-2024-41949 biscuit-rust vulnerable to public key confusion in third party block

biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...

biscuit-rust 安全漏洞

biscuit-rust is a Rust implementation of the Biscuit authorization token from the biscuit-auth open source. A security vulnerability exists in biscuit-rust version 4, which stems from the fact that a malicious user's spoofed third-party block request can trick a third-party organization into...